Most smart cards in use today are flat, rectangular pieces of plastic resembling credit cards having electronic circuitry embedded therein. A typical smart card includes a microprocessor coupled to a memory, and the microprocessor executes instructions and performs operations on data of at least one software application program stored in the memory. The smart card provides a compact and portable computation resource for executing transactions in areas such as banking, sales, or security. Smart cards commonly appear in the form of credit cards, key-shaped tokens, and subscriber identity modules (SIMs) used in certain types of cellular telephones.
Many smart cards have a set of electrically conductive contacts arranged on an upper surface. A smart card reader/writer for communicating with such smart cards has a similarly arranged set of electrically conductive contacts. When a smart card is inserted in the smart card reader/writer, corresponding members of the two sets of contacts come into physical contact with one another. The main standards in the area of smart card and reader/writer interoperability are the International Standards Organization (ISO) 7816 standards for integrated circuit cards with contacts. The ISO 7816 standards specify interoperability at the physical, electrical, and datalink protocol levels. Other types of smart cards are “contactless.” In this situation, both the smart card and the smart card reader/writer include wireless communication interfaces for communicating wirelessly (i.e., without electrical contact).
Many smart cards provide secure storage for data, including cryptographic keys used to carry out secure transactions, and are capable of performing cryptographic operations. Cryptography is, in general, a technique commonly used to protect sensitive information by encrypting a message to protect the information in the message. One method of encryption is to use a key to mathematically transform the information into an unreadable format. A key may include without limitation a code or series of characters. Only those possessing the key can decrypt the message to reveal the information.
In one likely scenario, issuers of smart cards will use one or more issuer's master keys to encrypt data for transmission to a smart card after issuance to ensure only changes authorized by the issuers are made to issued smart cards. Since an issuer's master keys may also be used to make unauthorized changes to issued smart cards, security of the issuer's master keys is essential.
U.S. Pat. No. 6,131,090 describes a method and system for providing controlled access to information stored on a smart card. The information is stored in encrypted form. A data processing center provides an access code, including a key for decrypting the information by authorized service providers. The smart card receives and verifies access codes, uses the access code to decrypt requested information, outputs the requested information, and computes a new encryption key as a function of information unique to the access session.
U.S. Pat. No. 6,481,632 discloses a smart card architecture wherein a card issuer empowers application providers to initiate approved changes to smart cards. Loading an application onto a smart card involves a card acceptance device issuing a load command. The load command includes an appended command authentication pattern used to verify the load command. The card acceptance device provides the application to the smart card. The application includes an appended application authentication pattern used to verify the application. After verification, the application is loaded into a memory of the smart card.
A need arises for a system and/or method to enable an end-user to manage the information on a chip that the end-user is entitled to manage, on any platform, in a manner such that all transactions are secure, authenticated and authorized while ensuring that the issuer's master key remains secure.